1 reply

To specify the negotiation mode to use as the phase 1 initiator for a specific security association, configure the HowToInitiate parameter on the KeyExchangeAction statement referenced by a KeyExchangeRule statement. You can also specify a global value for the negotiation mode by configuring the HowToInitiate parameter on the KeyExchangePolicy statement.

You can specify any of the following values on the HowToInitiate parameter:

Main - indicates that IKE version 1 with identity protection is used when key negotiations are initiated by this system.

Aggressive - Indicates that IKE version 1 without identity protection is used when key negotiations are initiated by this system.

IKEv2 - indicates that IKE version 2 is used when key negotiations are initiated by this system.

DoNot - indicates that the local system cannot initiate a key exchange negotiation.

If HowToInitiate is not specified on the KeyExchangeAction statement, the IKE daemon will use the value from the HowToInitiate parameter in the KeyExchangePolicy statement.